Chat now with support
Chat mit Support

Identity Manager 9.0 LTS - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and employees
Account definitions for Active Directory user accounts and Active Directory contacts Assigning employees automatically to Active Directory user accounts Supported user account types Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login information for Active Directory user accounts Mapping of Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Editing the synchronization project for an Active Directory domain

Synchronization projects in which a domain is already used as a base object can also be opened in the Manager. You can, for example, check the configuration or view the synchronization log in this mode. The Synchronization Editor is not started with its full functionality. You cannot run certain functions, such as, running synchronization or simulation, starting the target system browser and others.

NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.

To open an existing synchronization project in the Synchronization Editor

  1. In the Manager, select the Active Directory > Domains category.

  2. Select the domain in the result list.

  3. Select the Change main data task.

  4. Select the Edit synchronization project task.

Related topics

Monitoring the number of memberships in Active Directory groups and Active Directory containers

Table 29: Effective configuration parameters
Configuration parameter Meaning

TargetSystem | ADS | MemberShipRestriction | Container

Number of Active Directory objects allowed per container before warning email is sent.

TargetSystem | ADS | MemberShipRestriction | Group

Number of Active Directory objects allowed per group before warning email is sent.

TargetSystem | ADS | MemberShipRestriction | MailNotification

Default mail address for sending warning emails.

A mechanism to monitor user account memberships to limit the number of members in groups and containers,

  • The ADSAccountInADSGroup and ADSAccounttables are monitored with respect to the number of user account memberships in a group and the number of user accounts in a container.

  • The ADSContactInADSGroup and ADSContact tables are monitored with respect to the number of contact memberships in a group and the number of contacts in a container.

  • The ADSGrouInADSGroup and ADSGroup tables are monitored with respect to the number of contact memberships in a group and the number of groups in a container.

  • The ADSMachineInADSGroup and ADSMachine tables are monitored with respect to the number of computer memberships in a group and the number of computers in a container.

NOTE: The primary groups of Active Directory objects are not taken into account when membership per group is calculated.

Thresholds are set using configuration parameters. If the values in the parameters are exceeded, a warning message is sent to a defined mail address. The warning is only generated the first time the threshold is exceeded. This prevents warnings being send to the given address each time the threshold is exceeded, which could occur during synchronization for example.

Example: Monitoring group memberships

The threshold value for the number of objects in a Members group is limited to ten members (TargetSystem | ADS | MemberShipRestriction | Group=10). The Members group currently contains ten user accounts. When an 11th user account is added, a warning is generated and sent by email to the given address. When further user accounts are added, however, no more warning emails are sent.

Active Directory container structures

Containers are represented by a hierarchical tree structure. The containers that already exist can be loaded from the Active Directory environment into the One Identity Manager database by synchronization. System containers, which are entered into the One Identity Manager database are labeled correspondingly.

Related topics

Creating and editing Active Directory containers

To edit or create a container

  1. In the Manager, select the Active Directory > Container category.

  2. Select the container in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the container's main data.

  4. Save the changes.
Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen